sydneyrsmith.com Open in urlscan Pro
192.185.75.66 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://whitetzfx.com/billredd/redirection.php
Effective URL:
https://sydneyrsmith.com/newbtoma/secure.business.bt/
Submission Tags: 7513158
Submission: On May 11 via api (May 11th 2022, 10:10:14 am UTC) from US — Scanned from FR

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 192.185.75.66, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is sydneyrsmith.com.
TLS certificate: Issued by R3 on April 29th 2022. Valid for: 3 months.

This is the only time sydneyrsmith.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BT (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2a06:98c1:312... 2a06:98c1:3121::a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	192.185.75.66 192.185.75.66	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
10	2

2 2a06:98c1:3121::a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

whitetzfx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 192.185.75.66 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-75-66.unifiedlayer.com

sydneyrsmith.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	sydneyrsmith.com sydneyrsmith.com	109 KB
2	whitetzfx.com 1 redirects whitetzfx.com	1 KB
10	2

	Domain	Requested by
9	sydneyrsmith.com	whitetzfx.com sydneyrsmith.com
2	whitetzfx.com	1 redirects
10	2

This site contains no links.

Subject Issuer	Validity	Valid
*.whitetzfx.com E1	`2022-04-24` - `2022-07-23`	3 months	crt.sh
*.sydneyrsmith.com R3	`2022-04-29` - `2022-07-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sydneyrsmith.com/newbtoma/secure.business.bt/
Frame ID: 2D1A226A5DF8985B95A68D330832E54B
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BT.com Business

Page URL History Show full URLs

http://whitetzfx.com/billredd/redirection.php HTTP 301
https://whitetzfx.com/billredd/redirection.php Page URL
https://sydneyrsmith.com/newbtoma/secure.business.bt/ Page URL

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

110 kB
Transfer

486 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://whitetzfx.com/billredd/redirection.php HTTP 301
https://whitetzfx.com/billredd/redirection.php Page URL
https://sydneyrsmith.com/newbtoma/secure.business.bt/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://whitetzfx.com/billredd/redirection.php HTTP 301
https://whitetzfx.com/billredd/redirection.php

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

redirection.php
whitetzfx.com/billredd/
Redirect Chain

http://whitetzfx.com/billredd/redirection.php
https://whitetzfx.com/billredd/redirection.php

234 B
740 B

391ms
346ms

Document
text/html

2a06:98c1:3121::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://whitetzfx.com/billredd/redirection.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.2.34

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 709a1f831a8d39b7-CDG
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Wed, 11 May 2022 10:10:08 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qINZH5Zyo3%2BI9xwdoxK8OJXb6Ynw48seWO5JveQsxEgrdvZeMyJcE1cg%2FZH%2B9mvIdeZ%2FXvRA9MRPoP3H4gxQnBNol2GWa7UgqLaHhh0HUJDDG4fkJiKdCXs9SPUFpgFaYnWQFcAGFNC8suGR"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.2.34

Redirect headers

CF-RAY: 709a1f827c9e99a5-CDG
Cache-Control: max-age=3600
Connection: keep-alive
Date: Wed, 11 May 2022 10:10:08 GMT
Expires: Wed, 11 May 2022 11:10:08 GMT
Location: https://whitetzfx.com/billredd/redirection.php
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J45yp1SCqlyzA86tdWcywYQHclYGBfqJLLKEx9UkKFK4r%2Fm1ULW5NiT0LjcYGLJmPD%2F%2B1sOrj8QO2sJwg44duXb9NodEFacLqrn3kgG3hKpLTQGic3rB3VWJviys3tuUFyv7fsad8nlxv18%2F"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Primary Request / Show response
sydneyrsmith.com/newbtoma/secure.business.bt/ 77 KB
16 KB 506ms
226ms Document
text/html 192.185.75.66
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://sydneyrsmith.com/newbtoma/secure.business.bt/
Requested by: Host: whitetzfx.com
URL: https://whitetzfx.com/billredd/redirection.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.75.66 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-75-66.unifiedlayer.com
Software: Apache /
Resource Hash: aab28e04a1f89590f2a9272060e7197a61b7e4a497c31cb9abe5b84fa8aa6aac

Request headers

Referer: https://whitetzfx.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

content-encoding: gzip
content-length: 16084
content-type: text/html; charset=UTF-8
date: Wed, 11 May 2022 10:10:09 GMT
server: Apache
vary: Accept-Encoding
x-server-cache: false

GET
H2 200 app.css
sydneyrsmith.com/newbtoma/secure.business.bt/ 400 KB
84 KB 162ms
162ms Stylesheet
text/css 192.185.75.66
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://sydneyrsmith.com/newbtoma/secure.business.bt/app.css
Requested by: Host: sydneyrsmith.com
URL: https://sydneyrsmith.com/newbtoma/secure.business.bt/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.75.66 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-75-66.unifiedlayer.com
Software: Apache /
Resource Hash: c210b57691848960fca23fbfe958c0e8a50e414280ae884f8435078c2b62ac49

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sydneyrsmith.com/newbtoma/secure.business.bt/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 10:10:09 GMT
content-encoding: gzip
last-modified: Wed, 21 Apr 2021 14:42:20 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 bt-logo.png
sydneyrsmith.com/newbtoma/secure.business.bt/img/ 2 KB
2 KB 143ms
143ms Image
image/png 192.185.75.66
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sydneyrsmith.com/newbtoma/secure.business.bt/img/bt-logo.png
Requested by: Host: sydneyrsmith.com
URL: https://sydneyrsmith.com/newbtoma/secure.business.bt/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.75.66 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-75-66.unifiedlayer.com
Software: Apache /
Resource Hash: 712fa317d781d2e0119f795213ba35afb8ada6c3d9e1c46b71d24ababd20c12a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sydneyrsmith.com/newbtoma/secure.business.bt/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 10:10:09 GMT
last-modified: Wed, 21 Apr 2021 13:56:00 GMT
server: Apache
accept-ranges: bytes
content-length: 2428
content-type: image/png

GET
H2 200 search.svg
sydneyrsmith.com/newbtoma/secure.business.bt/ 1 KB
1 KB 144ms
143ms Image
image/svg+xml 192.185.75.66
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sydneyrsmith.com/newbtoma/secure.business.bt/search.svg
Requested by: Host: sydneyrsmith.com
URL: https://sydneyrsmith.com/newbtoma/secure.business.bt/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.75.66 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-75-66.unifiedlayer.com
Software: Apache /
Resource Hash: a2612713754f61fc38c5968a1c3ce6057ba4c42b5bb2011a78b55e8913b5f13b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sydneyrsmith.com/newbtoma/secure.business.bt/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 10:10:09 GMT
last-modified: Wed, 21 Apr 2021 13:55:38 GMT
server: Apache
accept-ranges: bytes
content-length: 1287
content-type: image/svg+xml

GET
H2 200 promo-My-Account-app-V2.png
sydneyrsmith.com/newbtoma/secure.business.bt/img/ 5 KB
6 KB 269ms
269ms Image
image/png 192.185.75.66
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sydneyrsmith.com/newbtoma/secure.business.bt/img/promo-My-Account-app-V2.png
Requested by: Host: sydneyrsmith.com
URL: https://sydneyrsmith.com/newbtoma/secure.business.bt/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.75.66 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-75-66.unifiedlayer.com
Software: Apache /
Resource Hash: b7850fe9722613f42e35824c8de185534ebb407fda3f8b600313621b9c6ab122

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sydneyrsmith.com/newbtoma/secure.business.bt/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 10:10:09 GMT
last-modified: Wed, 21 Apr 2021 13:54:06 GMT
server: Apache
accept-ranges: bytes
content-length: 5621
content-type: image/png

GET
H2 404 newbt-webfont.woff
sydneyrsmith.com/Content/GroupsAndPermissions/assets/fonts/ 0
0 210ms
209ms Font
text/html 192.185.75.66
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://sydneyrsmith.com/Content/GroupsAndPermissions/assets/fonts/newbt-webfont.woff
Requested by: Host: sydneyrsmith.com
URL: https://sydneyrsmith.com/newbtoma/secure.business.bt/app.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.75.66 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-75-66.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

Referer: https://sydneyrsmith.com/newbtoma/secure.business.bt/app.css
Origin: https://sydneyrsmith.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 10:10:09 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://sydneyrsmith.com/index.php/wp-json/>; rel="https://api.w.org/"
content-length: 7842
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 bt.woff
sydneyrsmith.com/Content/GroupsAndPermissions/assets/fonts/ 0
0 205ms
205ms Font
text/html 192.185.75.66
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://sydneyrsmith.com/Content/GroupsAndPermissions/assets/fonts/bt.woff?-rgl3n4
Requested by: Host: sydneyrsmith.com
URL: https://sydneyrsmith.com/newbtoma/secure.business.bt/app.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.75.66 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-75-66.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

Referer: https://sydneyrsmith.com/newbtoma/secure.business.bt/app.css
Origin: https://sydneyrsmith.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 10:10:09 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://sydneyrsmith.com/index.php/wp-json/>; rel="https://api.w.org/"
content-length: 7842
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 bt.ttf
sydneyrsmith.com/Content/GroupsAndPermissions/assets/fonts/ 0
0 242ms
242ms Font
text/html 192.185.75.66
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://sydneyrsmith.com/Content/GroupsAndPermissions/assets/fonts/bt.ttf?-rgl3n4
Requested by: Host: sydneyrsmith.com
URL: https://sydneyrsmith.com/newbtoma/secure.business.bt/app.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.75.66 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-75-66.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

Referer: https://sydneyrsmith.com/newbtoma/secure.business.bt/app.css
Origin: https://sydneyrsmith.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 10:10:09 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://sydneyrsmith.com/index.php/wp-json/>; rel="https://api.w.org/"
content-length: 7842
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 404 newbt-webfont.ttf
sydneyrsmith.com/Content/GroupsAndPermissions/assets/fonts/ 0
0 257ms
257ms Font
text/html 192.185.75.66
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://sydneyrsmith.com/Content/GroupsAndPermissions/assets/fonts/newbt-webfont.ttf
Requested by: Host: sydneyrsmith.com
URL: https://sydneyrsmith.com/newbtoma/secure.business.bt/app.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.75.66 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 192-185-75-66.unifiedlayer.com
Software: Apache /
Resource Hash

Request headers

Referer: https://sydneyrsmith.com/newbtoma/secure.business.bt/app.css
Origin: https://sydneyrsmith.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 11 May 2022 10:10:09 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://sydneyrsmith.com/index.php/wp-json/>; rel="https://api.w.org/"
content-length: 7842
expires: Wed, 11 Jan 1984 05:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BT (Telecommunication)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sydneyrsmith.com/Content/GroupsAndPermissions/assets/fonts/bt.woff?-rgl3n4 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sydneyrsmith.com/Content/GroupsAndPermissions/assets/fonts/newbt-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sydneyrsmith.com/Content/GroupsAndPermissions/assets/fonts/bt.ttf?-rgl3n4 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sydneyrsmith.com/Content/GroupsAndPermissions/assets/fonts/newbt-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

sydneyrsmith.com
whitetzfx.com
192.185.75.66
2a06:98c1:3121::a
712fa317d781d2e0119f795213ba35afb8ada6c3d9e1c46b71d24ababd20c12a
a2612713754f61fc38c5968a1c3ce6057ba4c42b5bb2011a78b55e8913b5f13b
aab28e04a1f89590f2a9272060e7197a61b7e4a497c31cb9abe5b84fa8aa6aac
b7850fe9722613f42e35824c8de185534ebb407fda3f8b600313621b9c6ab122
c210b57691848960fca23fbfe958c0e8a50e414280ae884f8435078c2b62ac49

sydneyrsmith.com Open in urlscan Pro 192.185.75.66 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

110 kBTransfer

486 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

4 Console Messages

Security Headers

Indicators

sydneyrsmith.com Open in urlscan Pro
192.185.75.66 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

110 kB
Transfer

486 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!